Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problems accessing pfSense

    Problems Installing or Upgrading pfSense Software
    2
    4
    2.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      miles267
      last edited by

      Just encountered a similar situation.  Not sure how to resolve:

      • suddenly I cannot SSH over internet to my pfsense box
      • I cannot access the WebUI from the internet
      • I can RDP from the internet into only 1 PC behind my pfsense box
      • From that PC, I can access my WebUI
      • Snort shows no alerts or blocked IPs

      If I reboot the pfsense box, everything is OK until SSH "crashes" the next time (have been seeing it happen more often than I'd like lately).  Not sure how to troubleshoot this or where I might see logging info to trace the issue.  I had hoped it was simply my internet IP being blocked.  Even that IP is added to my whitelist within snort.

      Any help would be much appreciated.  Thanks.

      1 Reply Last reply Reply Quote 0
      • M
        miles267
        last edited by

        This issue has been happened with an increased frequency.  However it appears to happen only after more than one remote session is established with the Pfsense box.  For example, 1-user connected to the Web GUI and 1-user logged into SSH, etc.  Once it happens, the pfsense box is only accessible from within the LAN.  It cannot be accessed via the WAN regardless of method (SSH, Web GUI HTTPS, etc.).

        What causes this issue?

        1 Reply Last reply Reply Quote 0
        • W
          wallabybob
          last edited by

          The command and its response (or URL and browser report) are nearly always more informative than the non-technical summary "can't access".

          @miles267:

          What causes this issue?

          It is difficult to say without more information such as the error report from the application attempting the access.

          1 Reply Last reply Reply Quote 0
          • M
            miles267
            last edited by

            Understood.  Turns out, through some trial and error, it may have been due to a Snort-HTTP DOUBLE DECODING ATTACK.  While I noticed this message in my SYSTEM LOG, it did not appear among the BLOCKED tab.  Only visible among the ALERTS tab.  I've since suppressed this alert rule and it seems to have restored external access to my pfsense box without requiring a reboot.

            Will monitor my system since suppressing this rule to see whether it recurs in which case it may be attributed to snort (possibly).

            I think the HTTP DOUBLE DECODING ATTACK may have been the cause as once I cleared it, I was able to access my Web GUI login page from multiple external systems originating from multiple different internet IP addresses (without clearing any blocked IPs from the snort blocked tab).

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.